Mechanisms are provided for performing centralized monitoring of application sessions across a distributed computing environment comprising a plurality of application servers. A request to perform an application session monitoring operation to monitor at least one of input or output streams of application sessions associated with a specified user account identifier is received. A plurality of application instances upon which to perform the requested application session monitoring operation are identified. An application session monitoring request is transmitted to a plurality of session control clients associated with the application instances on a plurality of application servers of the distributed computing environment. The application session monitoring request causes each session control client to monitor at least one of an input or an output stream of application sessions of application instances that are associated with the specified user account identifier, and report results of the monitoring back to the data processing system.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method, in a data processing system, for performing centralized monitoring of application sessions across a distributed computing environment comprising a plurality of application servers, comprising: receiving, in the data processing system, a request to perform an application session monitoring operation to monitor at least one of input or output streams of application sessions associated with a specified user account identifier; identifying, by the data processing system, a plurality of application instances across the plurality of application servers upon which to perform the requested application session monitoring operation; transmitting, by the data processing system, an application session monitoring request to a plurality of session control clients associated with the plurality of application instances executing on a plurality of application servers of the distributed computing environment, wherein the application session monitoring request causes each session control client, in the plurality of session control clients, to monitor at least one of an input or an output stream of the application sessions of the application instances, associated with the session control client, that are associated with the specified user account identifier, and report results of the monitoring back to the data processing system; receiving, by the data processing system, the results from the plurality of session control clients; and performing, by the data processing system, a termination operation to terminate executing application sessions of the application instances associated with the specified user account identifier.
2. The method of claim 1 , wherein the application session monitoring operation is a data capture operation for capturing at least one of input data or output data of an application session of an associated application instance associated with the specified user account identifier.
3. The method of claim 1 , wherein the application session monitoring operation is a safety evaluation operation for evaluating the safety of a request with regard to predefined types of attacks on the application instances.
4. The method of claim 1 , wherein the application session monitoring operation is an alert operation for generating and transmitting an alert notification in response to a specified application action being performed based on a request transmitted over a corresponding application session the specified user account identifier.
5. The method of claim 1 , wherein identifying the plurality of application instances upon which to perform the requested application session monitoring operation comprises performing a lookup operation in an application registry of the data processing system to identify entries corresponding to application instances upon which the requested application session monitoring operation is to be performed.
6. The method of claim 5 , wherein entries in the application registry provide an address for a corresponding application instance and associated capabilities data specifying the types of control operations capable of being performed on application sessions associated with the corresponding application instance.
7. The method of claim 6 , wherein the plurality of application instances are identified as application instances having entries in the application registry with capabilities data specifying a type of application session monitoring operation that may be performed that matches the requested application session monitoring operation.
8. The method of claim 1 , wherein each session control client of the session control clients of the application servers controls agents associated with application instances on the application server associated with the session control client to perform the requested application session monitoring operation.
9. The method of claim 8 , wherein the agents are plugin modules to the application instances on the application server associated with the session control client.
10. The method of claim 1 , further comprising: generating, by the data processing system, an output to a system administrator computing device based on the results received from the session control clients.
11. The method of claim 1 , wherein the data processing system is a centralized enterprise session services computing device that performs centralized monitoring of application sessions across the plurality of application servers in the distributed computing environment.
12. The method of claim 1 , wherein each session control client of the plurality of session control clients monitor at least one of an input or an output stream of application sessions of application instances, associated with the session control client, that are associated with the specified user account identifier, based on local policies associated with the session control client, and wherein if a condition of a local policy indicates a need to escalate the monitoring of the application sessions to an enterprise level, the session control client sends a notification to the data processing system to initiate enterprise level monitoring of application sessions of a plurality of application instances on a plurality of application servers.
13. A computer program product comprising a computer readable storage medium having a computer readable program stored therein, wherein the computer readable program, when executed on a computing device, causes the computing device to: receive a request to perform an application session monitoring operation to monitor at least one of input or output streams of application sessions associated with a specified user account identifier; identify a plurality of application instances across the plurality of application servers upon which to perform the requested application session monitoring operation; transmit an application session monitoring request to a plurality of session control clients associated with the plurality of application instances executing on a plurality of application servers of the distributed computing environment, wherein the application session monitoring request causes each session control client, in the plurality of session control clients, to monitor at least one of an input or an output stream of the application sessions of the application instances, associated with the session control client, that are associated with the specified user account identifier, and report results of the monitoring back to the data processing system receive the results from the plurality of session control clients; and perform a termination operation to terminate executing application sessions of the application instances associated with the specified user account identifier.
14. The computer program product of claim 13 , wherein the application session monitoring operation is a data capture operation for capturing at least one of input data or output data of an application session of an associated application instance associated with the specified user account identifier.
15. The computer program product of claim 13 , wherein the application session monitoring operation is a safety evaluation operation for evaluating the safety of a request with regard to predefined types of attacks on the application instances.
16. The computer program product of claim 13 , wherein the application session monitoring operation is an alert operation for generating and transmitting an alert notification in response to a specified application action being performed based on a request transmitted over a corresponding application session the specified user account identifier.
17. The computer program product of claim 13 , wherein identifying the plurality of application instances upon which to perform the requested application session monitoring operation comprises performing a lookup operation in an application registry of the data processing system to identify entries corresponding to application instances upon which the requested application session monitoring operation is to be performed.
18. The computer program product of claim 17 , wherein entries in the application registry provide an address for a corresponding application instance and associated capabilities data specifying the types of control operations capable of being performed on application sessions associated with the corresponding application instance.
19. The computer program product of claim 18 , wherein the plurality of application instances are identified as application instances having entries in the application registry with capabilities data specifying a type of application session monitoring operation that may be performed that matches the requested application session monitoring operation.
20. The computer program product of claim 13 , wherein each session control client of the session control clients of the application servers controls agents associated with application instances on the application server associated with the session control client to perform the requested application session monitoring operation.
21. The computer program product of claim 20 , wherein the agents are plugin modules to the application instances on the application server associated with the session control client.
22. The computer program product of claim 13 , wherein the computer readable program further causes the computing device to: generate an output to a system administrator computing device based on the results received from the session control clients.
23. The computer program product of claim 13 , wherein the data processing system is a centralized enterprise session services computing device that performs centralized monitoring of application sessions across the plurality of application servers in the distributed computing environment.
24. The computer program product of claim 13 , wherein each session control client of the plurality of session control clients monitor at least one of an input or an output stream of application sessions of application instances, associated with the session control client, that are associated with the specified user account identifier, based on local policies associated with the session control client, and wherein if a condition of a local policy indicates a need to escalate the monitoring of the application sessions to an enterprise level, the session control client sends a notification to the data processing system to initiate enterprise level monitoring of application sessions of a plurality of application instances on a plurality of application servers.
25. An apparatus, comprising: a processor; and a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to: receive a request to perform an application session monitoring operation to monitor at least one of input or output streams of application sessions associated with a specified user account identifier; identify a plurality of application instances across the plurality of application servers upon which to perform the requested application session monitoring operation; transmit an application session monitoring request to a plurality of session control clients associated with the plurality of application instances executing on a plurality of application servers of the distributed computing environment, wherein the application session monitoring request causes each session control client, in the plurality of session control clients, to monitor at least one of an input or an output stream of the application sessions of the application instances, associated with the session control client, that are associated with the specified user account identifier, and report results of the monitoring back to the data processing system receive the results from the plurality of session control clients; perform a termination operation to terminate executing application sessions of the application instances associated with the specified user account identifier.
26. The method of claim 1 , further comprising: denying, by the data processing system, future application sessions associated with the specified user account identifier.
27. The method of claim 1 , wherein performing the termination operation to terminate executing application sessions of the application instances associated with the specified user account identifier is in response to a termination of an employee associated with the specified user account identifier.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
November 12, 2012
August 4, 2015
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.